Platform release history.

Every notable change shipped to the Devalo platform — security updates, module launches, billing changes, and infrastructure improvements.

Latest: v0.9.0 — March 5, 2026

v0.9.0 Pre-Launch

March 5, 2026

Production Deployment & Platform Hardening

  • Auto-bootstrap admin system — fresh VPS deployments no longer require manual database inserts to create the first account
  • Production startup validation — application refuses to boot with weak secrets, localhost origins, or missing encryption keys
  • Vite build pipeline fix — module imports (react-router-dom) now resolve correctly for files outside the frontend root
  • Mobile header overhaul — reduced height, centred logo, simplified hamburger menu, fixed collapsed menu padding
  • Dashboard widget system — 15 customisable drag-and-drop widgets with per-user layouts saved to the database
  • Tasks module launched — full task management with lists, subtasks, templates, colour priorities, and team assignment
  • Calendar module enhancements — reschedule flow, payment tracking columns, and encrypted PII fields widened
  • Billing quota engine — per-module tier config, per-user seat caps, SMS/email overage pricing, and quota recalculation
  • Database migrations 063–092 applied — user timezones, PII encryption, phone verification, invitations, billing coupons, RLS policies
  • Free business tools — QR code generator and email signature builder added to the marketing site

v0.8.0 Platform

March 2, 2026

API Standards & Marketing Site Integration

  • Marketing site pricing page now pulls live data from the platform API with cache and fallback behaviour
  • API endpoint path standardisation — consistent kebab-case URLs and snake_case response fields across all routes
  • Stripe checkout flow wired end-to-end from marketing site through to account registration
  • Module catalog API returns accurate tier pricing and feature descriptions

v0.7.0 Security

March 1, 2026

Comprehensive Security Audit Remediation

  • Platform-wide security audit completed — auth, sessions, billing, and tenant isolation all reviewed
  • Session binding hardened — device fingerprint and optional IP binding with configurable reauth
  • Rate limiting applied to all sensitive endpoints — login, password reset, 2FA verification
  • Audit logging verified on every data mutation endpoint — old and new values captured immutably
  • CORS and allowed hosts locked to production domains only when DEBUG is false

v0.6.0 Operations

February 28, 2026

Repository & Environment Cleanup

  • Removed committed node_modules and sensitive artifacts from repository history
  • Environment variable validation tightened — weak defaults rejected at startup in production
  • Deployment scripts updated for PowerShell-based VPS management
  • Backup encryption with AES-256-GCM using dedicated BACKUP_ENCRYPTION_KEY

v0.5.0 Billing

February 27, 2026

Per-Module Billing Foundation

  • Module tier configuration stored in database — starter, growth, business, enterprise plans per module
  • Per-user module access with seat cap enforcement at the API layer
  • Tenant quota service — recalculates SMS, email, and storage limits when subscriptions change
  • Stripe subscription lifecycle management — create, upgrade, downgrade, cancel

v0.4.0 Auth

February 25, 2026

Onboarding State Machine & Auth Stabilisation

  • Auth state machine enforced in strict order — account setup, password change, TOS, 2FA, business setup
  • Three signup paths stabilised — self-service (Stripe), business invitation, team member
  • Login/signup redirect loops resolved across all onboarding paths
  • Welcome animation and onboarding completion page added

v0.3.0 Security

February 24, 2026

Encryption Upgrade & Public Endpoints

  • AES-256-GCM field-level encryption with HKDF per-context key derivation replaced legacy Fernet
  • Public contact form endpoint with Cloudflare Turnstile bot protection
  • Dual-format decryption support for migrating existing Fernet-encrypted data
  • PII columns identified and encrypted — names, phone numbers, ABN, billing email

v0.2.0 Platform

February 17, 2026

Calendar Module & Platform Admin

  • Calendar module merged — public booking pages, availability grids, appointment management
  • Platform admin dashboard — cross-org visibility for monitoring, support, and billing management
  • Stripe billing integration foundation — customer creation, subscription management, webhook handling
  • Scoreboard module launched — sales tracking, leaderboards, targets, display mode

v0.1.0 Foundation

February 10, 2026

Initial Platform Foundation

  • FastAPI backend with async SQLAlchemy and PostgreSQL row-level security
  • React 18 frontend with Vite, TanStack Query, and Tailwind CSS
  • Argon2id password hashing with server-side pepper and HIBP breach checking
  • httpOnly cookie auth with JWT access/refresh token rotation
  • Multi-tenant data model — all tables scoped by organisation_id with cascade deletes
  • Module auto-discovery system — drop a module folder, it registers at startup
  • Marketing site foundation on Astro with first public pages
